Re: Request for unredacted text of National Security Presidential Directive concerning cybersecurity policy and related documentsDisposition: Granting in part and denying in part defendant's motion for summary judgment; granting in part and denying in part plaintiff's cross-motion for summary judgment

Procedural Requirements, "Agency Records": The court finds that "as it pertains to [the Presidential Directive], summary judgment is granted to the defendant and denied to the plaintiff." The court first addresses, "the question of whether [the Presidential Directive] is an 'agency record' at all, which is a threshold question the Court must resolve before turning to the applicability of any exemptions." The court begins its analysis by relating that "defendant has admitted that it 'obtained' [the Presidential Directive]." The court continues to find that, "[t]he second, 'control' prong is ultimately fatal to the plaintiff's request." The court states that, "the parties do not dispute that [the Presidential Directive] originated with the President or the [National Security Counsel]." The court notes that, "[t]he law in this Circuit is clear that the [National Security Counsel] is not an 'agency' for the purposes of the FOIA." The court continues to state that, "[t]he parties also do not dispute that the President placed significant limits on the distribution of [the Presidential Directive]." The court specifically notes that, "[f]or instance, only specific, high-ranking Presidential advisors were given the directive, and they themselves could only distribute the directive to those within their agencies with a 'need to know.'" "Indeed, the defendant's declarant notes that '[e]xplicit White House permission is further required before redistributing [the Presidential Directive] to overseas organizations within the Agency or to other Governmental agencies/organizations,' and the memorandum accompanying [the Presidential Directive] 'makes explicitly clear that a recipient of [the Presidential Directive] should not distribute or disclose the document without express permission from the White House.'" Overall, the court finds that, "[t]he White House has manifested its intent to control the entirety of [the Presidential Directive] and its dissemination even within agencies to which the document was distributed"

Exemption 1: The court finds that defendant properly asserted Exemption 1 as to the remaining documents. The court explains that, "plaintiff does not challenge [defendant's] purported justification for the classification, but rather that the individual declarants did not have adequate classification authority." The court concludes that, "[c]onsidering the substantial deference the Court must show to agency declarations when Exemption 1 is claimed, and in the absence of any evidence other than a bald assertion that the declarants have not proven that they are valid classification authorities, despite their sworn affidavits to the contrary, the Court grants summary judgment to the defendant on its Exemption 1 withholdings in [the remaining documents]."

Procedural Requirements, Searching for Responsive Records: The court agrees with plaintiff's argument that, "defendant improperly narrowed its search when responding to the second part of the plaintiff's requests" by searching "only for records distributed 'to the NSA' rather than 'to any federal agency charged with implementing the cybersecurity scheme,' as stated in the plaintiff's request." The court notes that, "plaintiff is correct that 'an agency ... has a duty to construe a FOIA request liberally.'" Therefore, the court finds that, "defendant is directed to produce to the plaintiff records discovered responsive to the second part of the plaintiff's request, including executing protocols in the defendant's possession that were distributed to other relevant federal agencies, that were received by [defendant] or distributed by [defendant], unless those records are properly withheld, in whole or in part, under exemptions to the FOIA."